The latest in banking scams: What to look out for

Ensuring your banking and personal details are secure has never been more important, especially when criminals’ methods are getting smarter and their technology more advanced. To get a better understanding of the situation, we spoke to Absa's Head of Fraud for Everyday Banking, Ulrich Janse Van Rensburg, who is responsible for ensuring that Absa stays a step ahead of criminals by designing and establishing effective solutions that protect customers.

Why do we need cybersecurity specialists and what does the job entail?

Cybersecurity in the digital age has become a big problem. More and more people are starting to fall victim to cybercriminals who have found creative ways of stealing personal information. For this reason, specialists such as Ulrich need to create systems that ensure that our personal and banking details remain secure. In simple terms, Ulrich described what his team does as “setting booby-traps for criminals”, which entails planning ahead and “considering what controls you would need and what future threats would look like in terms of cyber fraud”. This job is no small task. Every time criminals find a new way of engaging in fraudulent activities, Ulrich and his team need to find more creative ways of stopping them.

How do fraudsters gain access to my information?

According to Ulrich, “fraudsters can get your card details from the dark web, a bureau, or a point of sale breach”. The first red flag is that they would need to authorise the transactions by using the one-time PIN (OTP) that your bank will send to your phone or email in the case of a transaction – which is where Ulrich says criminals tend to get creative. Leveraging the fear that consumers have when it comes to fraud and online transactions, Ulrich says that fraudsters are likely to contact the individual and “create a sense of panic” by stating that there has been an unauthorised debit order on that person’s account and an OTP is needed to reverse the transaction. In the state of panic, consumers sometimes provide the OTP without realising that they are facilitating and authorising the transaction they are so afraid of. It is important to note that you will never be asked for an OTP by an Absa employee – or any bank, for that matter – and if someone is asking you for one, you should report their number immediately.

What are the types of scams I should look out for?

One of the most frequently encountered scams is known as social engineering. Similar to the scenario in which the consumer is asked to provide an OTP, this refers to when fraudsters contact an individual under the guise of a professional institution.

An example of social engineering is SMiShing – a tactic which involves the perpetrators sending unsuspecting consumers a fraudulent SMS in the hopes of gaining access to personal details. “Fraudsters may phone you and pretend to be an Absa employee. They will likely have sufficient information about the individual – something they can obtain from a bureau, for instance – and they will then use that information to create comfort and the impression that they are a legitimate entity engaging you”, warns Ulrich. Alternatively, they could send you an email with a hyperlink that leads to a fake – albeit very convincing – Absa website where you will be asked to enter information such as your online banking details – this is referred to as Phishing. Phishing is just another means for fraudsters to gain access to your information in order to perform illegal transactions. Here are some warning signs to look out for when you get a suspicious email:

• Is the website secure or not? Make sure that the website URL starts with https and reads https://www.absa.co.za/
• Cross-reference the website link with Google to see if it matches the official, verified Absa website.
• Take note of small inconsistencies in emails, such as whether you were addressed by name or not – Absa will always address you by name.
• If you’re unsure at any time, contact the Absa Fraud Department.

The phases of fraud

According to Ulrich, there are three phases of fraud:

1. Gaining access to data
2. Social engineering
3. Successfully committing the act of fraud

Phase two is crucial as this is where you can stop criminals in their tracks. You have the opportunity to protect yourself by keeping vital information private. As such, vigilance is key. Stay up-to-date on the latest scams, pay attention to detail where your banking is concerned, and understand what information your bank would or would not ask from you. For instance, Absa will never ask a customer to approve a transaction online, provide sensitive information such as your card or online banking PINs, or to process any transactions over the phone. If anyone contacts you under the pretence that they are the representative of your bank, and asks for any of the above information, you have cause for concern and should report them immediately.

How to stay safe against common scams

•  Ignore any SMS or email notification that asks you to follow a link and provide your username and password.
• Do not store any banking credentials on your smartphone.
• Do not let your browser (Safari, Chrome and others) save your banking passwords.
• Ensure that your banking credentials are unique and not used to log-in to any other websites, email accounts or apps.
• When selling your phone, ensure all your details are removed, the Absa Banking App is uninstalled and delinked from your banking profile, and the phone is reset to factory settings.
• Never leave your smartphone unattended when you are logged in.
• Use two-factor authentication whenever possible to increase the security of your login.
• Do not jailbreak (your iPhone), use pirated software or compromise the security of the software on your device as this could easily lead to attackers spying on you without your knowledge.
• Install a reputable anti-malware solution on your device to detect and block signs of malicious activity – and remember to keep the software updated to ensure maximum effectiveness.

Remember, Absa will not request your PIN, password, passcode, transaction verification or card CVV number. Always report any suspicious activity to the Absa Fraud Hotline immediately via the mobile banking app by using the ‘click to call’ functionality or simply call 0860 557 557 or +27 11 501 5089.